Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/hmac: panics #45252

Closed
Mr-Leshiy opened this issue Mar 26, 2021 · 2 comments
Closed

crypto/hmac: panics #45252

Mr-Leshiy opened this issue Mar 26, 2021 · 2 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.

Comments

@Mr-Leshiy
Copy link

Hello I have found a weird behaviour of the sha256 Reset() method with the hmac. So I have the following question.
Why does this example produce panics ?

sha256Hash := sha256.New()

salt := []byte{1, 2, 3}

hmac.New(func() hash.Hash {
	sha256Hash.Reset()
	return sha256Hash
}, salt)
panic: crypto/hmac: hash generation function does not produce unique values

But this example does not produce panics

salt := []byte{1, 2, 3}

hmac.New(func() hash.Hash {
	return sha256.New()
}, salt)

What is the difference between these examples.
@ericlagergren
Copy link
Contributor

ericlagergren commented Mar 26, 2021
edited

This on purpose. See: #41089

cc: @FiloSottile

@seankhliao seankhliao changed the title golang/crypto hmac panics crypto/hmac: panics Mar 26, 2021
@seankhliao seankhliao added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Mar 26, 2021
@FiloSottile
Copy link
Contributor

An HMAC instance needs two independent hash instances simultaneously. Your first example used to produce incorrect results if you tried to call hmac.Reset.

@pacoorozco pacoorozco mentioned this issue Apr 4, 2021
Closed
@dffffffff dffffffff mentioned this issue May 10, 2021
Closed
endorama added a commit to endorama/2ami that referenced this issue Oct 28, 2021
@endorama
update github.com/99designs/keyring to 1.1.6
b08fd9f 
After updates to 1.17 manual test triggered
golang/go#45252

Thus updating is required.
@golang golang locked and limited conversation to collaborators Mar 29, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@FiloSottile @ericlagergren @gopherbot @seankhliao @Mr-Leshiy